Re: ISSUE-11: Gathering requirements [FileSystem API]


On Oct 5, 2009, at 14:34 , Nilsson, Claes1 wrote:
> I am considering the following: Web applications, for example social  
> network services,  often require secrets, “credentials” to get  
> access to service APIs.  If these credentials are stored in the  
> application html or JavaScript code then they are easily accessible  
> and can be misused.  To protect these credentials it would be useful  
> if the FileSystem API provides a secure storage and management of  
> credentials.

Are you thinking about API keys, like for Twitter or Flickr, or about  
a different sort of credential?

> What about adding a requirement that says:
> “SHOULD provide secure storage and management of credentials.”

Is that expected to be, say, an encrypted volume? I'm not sure I fully  
understand the level of security you are looking for here, could you  
provide a concrete case of an application using this functionality,  
and how it contrasts with one that doesn't (it doesn't need to be very  

Robin Berjon
   robineko — setting new standards

Received on Monday, 5 October 2009 16:05:14 UTC